PatchSiren

CVE-2024-37995 Siemens CVE debrief

A vulnerability in Siemens SIMATIC RFID Readers allows an attacker to cause an application crash and potentially disclose sensitive information by uploading a faulty certificate. The affected application does not properly handle errors during certificate upload operations, leading to a denial-of-service condition. This vulnerability affects 27 Siemens SIMATIC RFID Reader products across multiple product families including RF610R, RF615R, RF650R, RF680R, RF685R, RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, RF360R, RF1140R, and RF1170R series devices. Siemens has released firmware updates to address this issue, with different version requirements depending on the specific product model.

Vendor: Siemens
Product: SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0)
CVSS: LOW 2.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-09-10
Original CVE updated: 2025-05-06
Advisory published: 2024-09-10
Advisory updated: 2025-05-06

Who should care

Organizations operating Siemens SIMATIC RFID Reader systems in industrial environments, particularly those in manufacturing, logistics, and supply chain operations where RFID tracking is critical. System administrators responsible for certificate management on these devices should prioritize firmware updates. Security teams in OT/ICS environments should assess exposure of device management interfaces and implement compensating controls where immediate patching is not feasible. Organizations subject to industrial cybersecurity regulations or frameworks should track this vulnerability for compliance reporting.

Technical summary

The vulnerability exists in the certificate upload functionality of affected Siemens SIMATIC RFID Readers. When a malformed or faulty certificate is uploaded, the application fails to properly handle the resulting error condition, causing the application to crash. This crash condition may lead to disclosure of sensitive information. The vulnerability requires high privileges (administrative access) to exploit, as certificate upload functionality is typically restricted to authorized administrators. The attack vector is network-based with low complexity, meaning an attacker with administrative credentials could trigger the condition remotely without user interaction. The primary impact is availability degradation (application crash), though the advisory description indicates potential for sensitive information disclosure as a secondary concern.

Defensive priority

LOW

Recommended defensive actions

  • Apply vendor-provided firmware updates: RF1140R and RF1170R to V1.1 or later; RF166C, RF185C, RF186C, RF186CI, RF188C, RF188CI, and RF360R to V2.2 or later; RF610R, RF615R, RF650R, RF680R, and RF685R series to V4.2 or
  • Restrict network access to affected RFID reader management interfaces to authorized administrative hosts only
  • Monitor for unexpected application crashes or service interruptions on affected devices
  • Validate certificate files before upload to ensure proper formatting and integrity
  • Implement network segmentation to isolate industrial control system devices from untrusted networks
  • Follow CISA ICS recommended practices for defense-in-depth strategies
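
For the "validate certificate files before upload" action above, a pre-upload structural check an administrator could run on a workstation; this is an added example, not code from Siemens or the advisory. It assumes PEM input and only confirms the outer X.509 shape (it does not verify signatures, validity dates, or what the reader firmware itself accepts), and `preflight_certificate`, `read_tlv`, `to_pem` and `SAMPLE_DER` are hypothetical names.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("declared length runs past end of data")
    return tag, pos, pos + length

def preflight_certificate(data):
    """Return a list of problems; an empty list means the outer structure is sound."""
    blocks = PEM_RE.findall(data.decode("ascii", errors="replace"))
    if len(blocks) != 1:
        return [f"expected exactly one PEM CERTIFICATE block, found {len(blocks)}"]
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
        tag, pos, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            raise ValueError("outer element is not a single SEQUENCE spanning the file")
        child_tags = []
        while pos < end:
            child, _, pos = read_tlv(der, pos)
            child_tags.append(child)
        # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        if child_tags != [0x30, 0x30, 0x03]:
            raise ValueError("top-level fields are not SEQUENCE, SEQUENCE, BIT STRING")
    except ValueError as exc:             # binascii.Error is a ValueError subclass
        return [f"malformed certificate: {exc}"]
    return []

# Constructed sample, not a real certificate: only the three-field outer shape.
SAMPLE_DER = bytes.fromhex("300e" "3003020101" "300306012a" "030200ff")

def to_pem(der):
    body = base64.encodebytes(der).decode("ascii")
    return ("-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n").encode()
```

A file that fails this check should be regenerated or re-exported rather than uploaded to the reader.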

Evidence notes

The vulnerability was disclosed by CISA in advisory ICSA-24-256-07 on September 10, 2024, with a revision on May 6, 2025 to fix typos. The advisory references Siemens security advisory SSA-765405. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L) indicates network attack vector with low attack complexity, high privileges required, no user interaction, and low availability impact with no confidentiality or integrity impact. However, the description notes potential for sensitive information disclosure despite the CVSS scoring.
